DETAILED ACTION

1. Claims 1-24 have been examined.

Claim Rejections - 35 USC §103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1-3, 5-9, 11-17, 19-22, and 24 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Applicant's Admitted Prior Art (hereinafter AAPA) in view of Mont "The HP 
Time Vault Service: Innovating the Way Confidential Information is Disclosed, at the Right 
Time" (hereinafter Mont) and further in view of Smith et al. U.S. Pat. No. 6061448 (hereinafter 
Smith) and further in view of Lee U.S. Pub. No. 20020188690 (hereinafter Lee). 

4. As per claim 1, AAPA discloses a method for using identity-based encryption (IBE) to 
securely convey messages over a communications network from a sender to a recipient, wherein 
the recipient has an associated IBE public key and an associated IBE private key for use in IBE 
encryption and decryption, wherein the sender uses the IBE public key of the recipient and IBE 
public parameter information associated with the recipient, wherein the IBE public parameter
information is maintained on an IBE
public parameter information host that provides the IBE public parameter information over the
communications network, wherein the host has a service name that is used to communicate with 



Application/Control Number: 10/607,195 Page 3

Art Unit: 2131 

the host over the network (AAPA: pages 1-3: the IBE system and use of public key and public 
parameter information to encrypt message). AAPA does not explicitly disclose the method 
comprising: at the sender, using a service name generation rule to generate the service name of 
the host based on the IBE public key of the recipient; using the service name to obtain the IBE 
public parameter information associated with the recipient for the sender from the IBE public 
parameter host over the network; and at the sender, using the IBE public parameter information 
obtained from the IBE public parameter host and the IBE public key of the recipient to encrypt a 
message for the recipient. However, Mont discloses contacting the TA site to retrieve the public 
parameter information so that the sender can encrypt the message to be sent to the recipient 
(Mont: page 9 and page 11). One with ordinary skill in the art would use both public key of the
recipient and the public detail/parameter from Trusted Authority to encrypt message to be sent to 
recipient. It would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Mont within the system of AAPA because the 
public detail/parameter is used to provide functionality of a trusted party so that the recipient can 
trust that the message came from an authentic source. AAPA does not explicitly disclose the 
public parameter can be retrieved from a host associated with the recipient's public key. 
However, Smith discloses that public key can be requested from Delivery Server (Smith: column 
2 line 65 - column 3 line 32). Since Mont discloses that the public key of recipient can be e-mail 
address, the sender can request public key from the mail delivery server (host) and use the public 
key to encrypt messages to be sent to recipient. It would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to combine the teachings of Smith 
within the combination of AAPA-Mont because using the public key of trusted authority to 
encrypt message increases the authenticity and security of the message. AAPA as modified does
not explicitly disclose generating a host name associated with the public key. However, Lee 
discloses using the e-mail address of the recipient to trace the e-mail server so that certain 
functions can be performed (Lee: [0022]; [0028]-[0034]). One with ordinary skill in the art at the 
time of applicant's invention would use the e-mail address (public key) to generate the e-mail 
server address so that the server address can be obtained to request the public key required to 
encrypt message to be sent to recipient. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to combine the teachings of Lee 
within the combination of AAPA-Mont-Smith because it allows the sender to check whether the 
address for the intended recipient exists and whether the address and domains are correct. 

5. As per claim 2, AAPA as modified discloses the method defined in claim 1. AAPA as
modified further discloses the method comprising: at the sender, using the service name 
generated with the service generation rule and the IBE public key to provide the host with a 
request that the host provide the IBE public parameter information to the sender (Lee: [0022]; 
[0028]-[0034]: generate the host address); and with the IBE public parameter host, providing the 
IBE public parameter information to the sender in response to the request for the IBE public 
parameter information from the sender (Smith: column 2 line 65 - column 3 line 32). Same 
rationale applies here as above in rejecting claim 1.

6. As per claim 3, AAPA as modified discloses the method defined in claim 2. AAPA as 
modified further discloses the method comprising: at the sender, sending the request to the host 
server (Smith: column 2 line 65 - column 3 line 32). AAPA does not explicitly disclose sending
e-mail message to request public key. However, it would have been obvious to one having 
ordinary skill in the art at the time of applicant's invention to communicate using e-mail 
message, instant message, or packets within communication network to retrieve desired 
information. 

7. As per claim 5, AAPA as modified discloses the method defined in claim 1. AAPA as
modified further discloses wherein the recipient has a message address, the method further 
comprising: at the sender, using the service name generation rule to generate the service name of 
the IBE public parameter host (Lee: [0022]; [0028]-[0034]). AAPA as modified does not 
explicitly disclose generating host name by prepending a string to at least a portion of the 
message address. However, the purpose of generating the host name is to contact the e-mail
server. Therefore, it would have been obvious to one having ordinary skill in the art to modify 
the teachings of Lee to prepend the e-mail server name to a portion of the recipient's e-mail 
address (e.g. the domain section) to generate a server address and contact e-mail server for 
information. Since the applicant has not disclosed that generating the host/server address by
prepending the server/host name to the domain section of an e-mail address solves any specific
problem or serves any particular purpose, it appears that generating the address of the e-mail server/host
by examining the domain portion and searching for server address would work equally well. 

8. As per claim 6, claim 6 encompasses the same scope as described in claim 5. Therefore, 
claim 6 is rejected based on the reason set forth in claim 5. 

9. As per claim 7, AAPA as modified discloses the method defined in claim 1. AAPA as
modified further discloses wherein the IBE public parameter information host has an identity, the 
method further comprising: at the sender, verifying the identity of the IBE public parameter 
information host from which the IBE public parameter information is obtained (Lee: [0022], 
[0028]-[0034]: host name checker). It would have been obvious to one having ordinary skill in 
the art at the time of invention to check the sender's identity of the e-mail host so that proper 
message can be delivered. Therefore, it would have been obvious to one having ordinary skill in 
the art at the time of applicant's invention to combine the teachings of Lee within the 
combination of AAPA-Mont-Smith-Lee because it reduces the likelihood of sending e-mail to an 
address that does not exist. 

10. As per claim 8, AAPA as modified discloses the method defined in claim 7. AAPA as 
modified further discloses wherein verifying the identity of the IBE public parameter information 
host comprises: at the sender, comparing service name information received from the IBE public 
parameter information host by the sender to the service name generated with the service name 
generation rule to determine whether there is a match (Lee: [0022], [0028]-[0034]: checks 
whether a host name input by the user exists). Same rationale applies here as above in rejecting 
claim 7. 

11. As per claim 9, AAPA as modified discloses the method defined in claim 7. AAPA as 
modified further discloses wherein the IBE public key of the recipient includes a message 
address having a domain name portion and wherein verifying the identity of the IBE public
parameter information host comprises: at the sender, comparing identity information received 
from the IBE public parameter information host by the sender to the domain name portion of the 
message address to determine whether the identity information matches the domain name portion 
(Lee: [0022], [0028]-[0034]: checks whether a host name input by the user exists). Same 
rationale applies here as above in rejecting claim 7. 

12. As per claim 11, AAPA as modified discloses the method defined in claim 1. AAPA as
modified further discloses the method comprising: with the IBE public parameter information 
host, providing the sender with identity information signed by a certificate authority (Smith: 
column 2 line 65 - column 3 line 32). 

13. As per claim 12, AAPA as modified discloses the method defined in claim 1. AAPA as
modified further discloses the method comprising, with the IBE public parameter information 
host, providing the sender with the IBE public parameter information signed by a certificate 
authority (Smith: column 2 line 65 - column 3 line 32). 

14. As per claims 13 and 14, AAPA as modified discloses the method defined in claim 1.
AAPA as modified further discloses wherein providing the IBE public parameter information to 
the sender comprises providing the IBE public parameter information to the sender over a 
secure/insecure communications link (Smith: column 5 lines 60-63: communicate with the 
delivery server through secure channel). It would have been obvious to one having ordinary skill 
in the art to use either secure/insecure communications link to transfer data depending on
whether the data is confidential because the encrypted data can be sent through insecure channel 
and unencrypted data can be sent through secure channel and both being received securely. 

15. As per claim 15, AAPA as modified discloses the method defined in claim 14. AAPA as 
modified does not explicitly disclose wherein providing the IBE public parameter information to 
the sender over the insecure link comprises using the IBE public parameter information host to 
encrypt the IBE public parameter in a message format prior to sending the IBE public parameter 
information to a sender in the message format over the insecure link. However, transferring 
confidential data over insecure channel by encrypting the confidential data before transmission is 
well known in the art. Therefore, one with ordinary skill in the art would encrypt a confidential 
data first before sending it through insecure communication link. 

16. As per claims 16, 19, 21, 22, and 24, claims 16, 19, 21, 22, and 24 encompass the same
scope as disclosed in claim 1. Therefore, claims 16, 19, 21, 22, and 24 are rejected based on the
same reason set forth in claim 1.

17. As per claim 17, AAPA as modified discloses the method defined in claim 1. AAPA as 
modified does not explicitly disclose wherein the message is an instant message and wherein the 
IBE public key of the recipient comprises an instant message address, the method comprising: at 
the sender, using the instant message address of the recipient to send the instant message to the 
recipient over the communications network. However, one with ordinary skill in the art would
apply the method over any communications method not limiting to e-mail and instant message. 

18. As per claim 20, AAPA as modified discloses the method defined in claim 1. AAPA as
modified does not explicitly disclose the method further comprises a domain name, the method 
further comprising: at the sender, using the domain name to establish a secure sockets layer 
communications link with the IBE public key parameter information host over the Internet. 
However, SSL is well known in the art to establish secure communication path in Internet 
communications because it supports authentication of client, server, or both, as well as 
encryption during a communications session. 

19. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over AAPA in view of 
Mont and further in view of Smith and further in view of Lee and further in view of Boneh et al. 
U.S. Pub. No. 20030081785 (hereinafter Boneh). 

20. As per claim 4, AAPA as modified discloses the method defined in claim 1. AAPA as
modified does not explicitly disclose wherein an IBE private key generator is connected to the
network, the method further comprising: electronically conveying the IBE public parameter 
information from the IBE private key generator to the host. However, Boneh discloses the 
private key generator generates public parameter for message sender (Boneh: [0059] and [0064]).
It would have been obvious to one having ordinary skill in the art to interpret the PKG as trusted 
authority that generates public parameter and private key for the identity based encryption system
and the trusted authority provides the public key/public parameter to host/server as disclosed by
Smith (column 2 line 65 - column 3 line 32) and retrieved by sender. Therefore, it would have 
been obvious to one having ordinary skill in the art at the time of applicant's invention to 
combine the teachings of Boneh within the combination of AAPA-Mont-Smith-Lee because the 
PKG serves as a trusted authority in providing authenticity of the message sent by sender 
through the use of the public parameter and use of PKG within IBE is well known in the art. 
Furthermore, the PKG can serve as independent entity or an entity within a server/host. 

21. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over AAPA in view of 
Mont and further in view of Smith and further in view of Lee and further in view of McMorris et 
al. U.S. Pub. No. 20030163567 (hereinafter McMorris). 

22. As per claim 10, AAPA as modified discloses the method defined in claim 7. AAPA as 
modified discloses the Delivery server sends the public key (certificate) to the sender upon 
request. AAPA as modified does not explicitly disclose wherein a certificate authority provides a 
certificate that contains the service name of the IBE public parameter information host and 
wherein verifying the identity of the IBE public parameter information host comprises: providing 
the certificate that contains the service name of the IBE public parameter information host to the 
sender so that the sender can compare signed service name information in the certificate to the 
service name of the host that was generated by the service name generation rule to determine 
whether there is a match. However, McMorris discloses comparing the domain name with the 
domain name in a digital certificate to validate a domain name associated with an attempt to 
access to a network site (McMorris: figure 3 and [0030]-[0031]: the domain name of
hotmail.com in a digital certificate). One with ordinary skill in the art would compare the domain
name generated by user (Lee: [0022], [0028]-[0034]) with the domain name in a digital 
certificate (Smith: column 2 line 65 - column 3 line 32: Delivery server transmits a certificate to 
mail sender) in order to authenticate users attempting to access network resource. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time of applicant's 
invention to combine the teachings of McMorris within the combination of AAPA-Mont-Smith- 
Lee because the comparison allows the system to authenticate users and avoid man-in-the-middle 
attack by denying access to the secure server when comparison fails. 

23. Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over AAPA in view of 
Mont and further in view of Smith and further in view of Lee and further in view of Mont U.S. 
Pub. No. 20030198348 (hereinafter Mont2). 

24. As per claim 18, AAPA as modified discloses the method defined in claim 1. AAPA as 
modified does not explicitly disclose the method comprising providing the sender with the
service name generation rule in a plug-in module. However, Mont2 discloses using plug-in to 
execute identity based encryption scheme (Mont2: [0021]). One with ordinary skill in the art 
would use the software plug in to encrypt message and communicate with trust authority using 
plug in. Therefore, it would have been obvious to one having ordinary skill in the art at the time 
of applicant's invention to combine the teachings of Mont2 within the combination of AAPA- 
Mont-Smith-Lee because software plug in is well known in the art to communicate data in a 
distributed network environment. 

25. Claim 23 is rejected under 35 U.S.C. 103(a) as being unpatentable over AAPA in view of
Mont and further in view of Smith and further in view of Lee and further in view of Martija et al. 
U.S. Pub. No. 20020169857 (hereinafter Martija). 

26. As per claim 23, AAPA as modified discloses the method defined in claim 1. AAPA as
modified does not explicitly disclose wherein the IBE public key contains at least one 
geographical region attribute, the method further comprising using the service name generation 
rule to generate the service name by basing the service name at least partially on the 
geographical region attribute. However, Martija discloses parsing the host name to determine the 
geographical regions of the host (Martija: [0044]-[0045]). One with ordinary skill in the art 
would parse the string to obtain information related to domain and geographic regions contained in
the string to determine information about the host including generating host name. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time of applicant's 
invention to combine the teachings of Martija within the combination of AAPA-Mont-Smith-Lee 
because parsing a string to determine host domain information is well known in the art. 

Response to Arguments 

27. Applicant's arguments filed on 2/10/05 have been fully considered but they are not 
persuasive. 

28. Claim objection to claim 10 has been withdrawn. 

29. Regarding claim 1, applicant argues that the reference in combination does not disclose
the issue associated with handling multiple sets of IBE public parameter information. However, 
the claim limitation does not disclose handling multiple sets of IBE public parameter information.
Therefore, the examiner is not required to examine that limitation. 

30. Also regarding claim 1, in response to applicant's argument that there is no suggestion to 
combine the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention where 
there is some teaching, suggestion, or motivation to do so found either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the art. See In re 
Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21
USPQ2d 1941 (Fed. Cir. 1992). In this case, there is sufficient motivation to combine the 
reference. Since the sender has to contact the TA for public detail so that sender can encrypt the 
message intended for the recipient. Since the public key can be e-mail address, one with ordinary 
skill in the art would assume that the host can be e-mail server that is responsible for delivering 
the message (as disclosed by Smith reference) and the method of contacting the delivery server is 
to obtain from the e-mail address of the recipient (as disclosed by Lee reference). Therefore, 
applicant's argument is respectfully traversed. 

Conclusion

31. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Shin-Hon Chen 
Examiner 
Art Unit 2131 

SC 